Privacy

UnitedHealthCare CEO Says 'Maybe a Third' of US Citizens Were Affected By Recent Hack (techcrunch.com) 16

An anonymous reader shares a report: Two months after hackers broke into Change Healthcare systems stealing and then encrypting company data, it's still unclear how many Americans were impacted by the cyberattack. Last month, Andrew Witty, the CEO of Change Healthcare's parent company UnitedHealth Group, said that the stolen files include the personal health information of "a substantial proportion of people in America." On Wednesday, during a House hearing, Witty was pushed to give a more definitive answer, testifying that the breach impacted "I think, maybe a third [of Americans] or somewhere of that level."
Privacy

13.4 Million Kaiser Insurance Members Affected by Data Leak to Online Advertisers (darkreading.com) 10

Kaiser Permanente is the latest healthcare giant to report a data breach. Kaiser said 13.4 million current and former insurance members had their patient data shared with third-party advertisers, thanks to an improperly implemented tracking code the company used to see how its members navigated through its websites. Dark Reading reports: The shared data included names, IP addresses, what pages people visited, whether they were actively signed in, and even the search terms they used when visiting the company's online health encyclopedia. Kaiser has reportedly removed the tracking code from its sites, and while the incident wasn't a hacking event, the breach is still concerning from a security perspective, according to Narayana Pappu, CEO at Zendata.

"The presence of third-party trackers belonging to advertisers, and the oversharing of customer information with these trackers, is a pervasive problem in both health tech and government space," he explains. "Once shared, advertisers have used this information to target ads at users for complementary products (based on health data); this has happened multiple times in the past few years, including at Goodrx. Although this does not fit the traditional definition of a data breach, it essentially results in the same outcome -- an entity and the use case the data was not intended for has access to it. There is usually no monitoring/auditing process to identify and prevent the issue."

The Courts

Supreme Court Declines To Block Texas Porn Restriction (nbcnews.com) 136

The Supreme Court on Tuesday refused to block on free speech grounds a provision of Texas law aimed at preventing minors from accessing pornographic content online. From a report: The justices turned away a request made by the Free Speech Coalition, a pornography industry trade group, as well as several companies. The challengers said the 2023 law violates the Constitution's First Amendment by requiring anyone using the platforms in question, including adults, to submit personal information.

One provision of the law, known as H.B. 1181, mandates that platforms verify users' ages by requiring them to submit information about their identities. Although the law is aimed at limiting children's access to sexually explicit content, the lawsuit focuses on how those measures also affect adults. "Specifically, the act requires adults to comply with intrusive age verification measures that mandate the submission of personally identifying information over the internet in order to access websites containing sensitive and intimate content," the challengers wrote in court papers.

Crime

Cyber Criminal Jailed For Blackmailing Therapy Patients (bbc.com) 15

One of Europe's most wanted cyber criminals has been jailed for attempting to blackmail 33,000 people whose confidential therapy notes he stole. From a report: Julius Kivimaki obtained them after breaking into the databases of Finland's largest psychotherapy company, Vastaamo. After his attempt to extort the company failed, he emailed patients directly, threatening to reveal what they had told their therapists. At least one suicide has been linked to the case, which has shocked the country.

Kivimaki has been sentenced to six years and three months in prison. In terms of the number of victims, his trial was the biggest criminal case in Finnish history. One of them gave their reaction to the BBC. "The main thing is that this absolutely empathy-lacking, ruthless criminal gets a prison sentence," said Tiina Parrika. "After this there rise thoughts about how short the conviction is, when reflected against the number of victims," she added. "But, that's the Finnish law and I must accept that."

Microsoft

Major US Newspapers Sue OpenAI, Microsoft For Copyright Infringement (axios.com) 66

Eight prominent U.S. newspapers owned by investment giant Alden Global Capital are suing OpenAI and Microsoft for copyright infringement, in a complaint filed Tuesday in the Southern District of New York. From a report: Until now, the Times was the only major newspaper to take legal action against AI firms for copyright infringement. Many other news publishers, including the Financial Times, the Associated Press and Axel Springer, have instead opted to strike paid deals with AI companies for millions of dollars annually, undermining the Times' argument that it should be compensated billions of dollars in damages.

The lawsuit is being filed on behalf of some of the most prominent regional daily newspapers in the Alden portfolio, including the New York Daily News, Chicago Tribune, Orlando Sentinel, South Florida Sun Sentinel, San Jose Mercury News, Denver Post, Orange County Register and St. Paul Pioneer Press.

Wikipedia

Russia Clones Wikipedia, Censors It, Bans Original (404media.co) 210

Jules Roscoe reports via 404 Media: Russia has replaced Wikipedia with a state-sponsored encyclopedia that is a clone of the original Russian Wikipedia but which conveniently has been edited to omit things that could cast the Russian government in poor light. Real Russian Wikipedia editors used to refer to the real Wikipedia as Ruwiki; the new one is called Ruviki, has "ruwiki" in its url, and has copied all Russian-language Wikipedia articles and strictly edited them to comply with Russian laws. The new articles exclude mentions of "foreign agents," the Russian government's designation for any person or entity which expresses opinions about the government and is supported, financially or otherwise, by an outside nation. [...]

Wikimedia RU, the Russian-language chapter of the non-profit that runs Wikipedia, was forced to shut down in late 2023 amid political pressure due to the Ukraine war. Vladimir Medeyko, the former head of the chapter who now runs Ruviki, told Novaya Gazeta Europe in July that he believed Wikipedia had problems with "reliability and neutrality." Medeyko first announced the project to copy and censor the 1.9 million Russian-language Wikipedia articles in June. The goal, he said at the time, was to edit them so that the information would be "trustworthy" as a source for all Russian users. Independent outlet Bumaga reported in August that around 110 articles about the war in Ukraine were missing in full, while others were severely edited. Ruviki also excludes articles about reports of torture in prisons and scandals of Russian government representatives. [...]

Graphic designer Constantine Konovalov calculated the number of characters changed between Wikipedia RU and Ruviki articles on the same topics, and found that there were 205,000 changes in articles about freedom of speech; 158,000 changes in articles about human rights; 96,000 changes in articles about political prisoners; and 71,000 changes in articles about censorship in Russia. He wrote in a post on X that the censorship was "straight out of a 1984 novel." Interestingly, the Ruviki article about George Orwell's 1984 entirely omits the Ministry of Truth, which is the novel's main propaganda outlet concerned with governing "truth" in the country.

Crime

Russia Issues Arrest Warrant For Ex-Chess Champion Garry Kasparov (mirror.co.uk) 78

Longtime Slashdot reader ArchieBunker shares a report from The Mirror: The city court in Syktyvkar, the largest city in Russia's northwestern Komi region, announced it had arrested [former world chess champion Garry Kasparov] in absentia alongside former Russian parliament member Gennady Gudkov, Ivan Tyutrin, co-founder of the Free Russia Forum -- which has been designated as an "undesirable organization" in the country -- as well as former environmental activist Yevgenia Chirikova. All were charged with setting up a terrorist society, according to the court's press service. As all were charged in their absence, none were physically held in custody.

"The court has selected a measure of restraint for Garry Kasparov, Gennady Gudkov, Yevgenia Chirikova and Ivan Tyutrin, charged with establishing and heading a terrorist society, funding terrorist activity and justifying it publicly," the court said according to Kremlin-backed outlet TASS. "The court granted the investigative bodies' motions to remand Kasparov, Gudkov, Chirikova and Tyutrin in custody as a measure of restraint."

Kasparov responded to the court's bizarre arrest statement in an April 24 post shared on X, formerly Twitter. "In absentia is definitely the best way I've ever been arrested," he said. "Good company, as well. I'm sure we're all equally honored that Putin's terror state is spending time on this that would otherwise go persecuting and murdering."
The report notes that Kasparov "found himself in Russian President Vladimir Putin's firing line after he voiced his opposition to the country's leader." The report continues: "He has also pursued pro-democracy initiatives in Russia. But he felt unable to continue living in Russia after he was jailed and allegedly beaten by police in 2012, according to the Guardian. He was granted Croatian citizenship in 2014 following repeated difficulties in Russia."
China

America's Commerce Department is Reviewing China's Use of RISC-V Chips (reuters.com) 130

An anonymous reader shared a report this week from Reuters: The U.S. Department of Commerce is reviewing the national security implications of China's work in open-source RISC-V chip technology, according to a letter sent to U.S. lawmakers...

The technology is being used by major Chinese tech firms such as Alibaba Group Holding and has become a new front in the strategic competition over advanced chip technology between the U.S. and China. In November, 18 U.S. lawmakers from both houses of Congress pressed the Biden administration for its plans to prevent China "from achieving dominance in ... RISC-V technology and leveraging that dominance at the expense of U.S. national and economic security."

In a letter last week to the lawmakers that was seen by Reuters on Tuesday, the Commerce Department said it is "working to review potential risks and assess whether there are appropriate actions under Commerce authorities that could effectively address any potential concerns."

But the Commerce Department also noted that it would need to tread carefully to avoid harming U.S. companies that are part of international groups working on RISC-V technology.

Businesses

Bezos, Other Amazon Execs Used Signal - a Problem for FTC Investigators (seattletimes.com) 92

Pursuing an unfair business practices case against Amazon, America's Federal Trade Commission has now "accused" Amazon of using Signal, reports the Seattle Times:

The newspaper notes that the app "can be set to automatically delete messages, to hide information related to the FTC's ongoing antitrust investigation into the company." In a court filing this week, the FTC moved to "compel" Amazon to share more information about its policies and instructions related to using the Signal app... The FTC accused Amazon executives of manually turning on the feature to delete messages in Signal even after the company learned that the FTC was investigating and had told Amazon to keep documents, emails and other messages.

Many of Amazon's senior leaders used Signal, according to the FTC, including former CEO and current chair Jeff Bezos, CEO Andy Jassy, and general counsel David Zapolsky, as well as Jeff Wilke, former head of Amazon's worldwide consumer business, and Dave Clark, former worldwide operations chief. "Amazon is a company that tightly controls what its employees put into writing," FTC attorneys said in a court filing Thursday. "But Amazon's senior leadership also used another channel for internal communications and avoided the need to talk carefully by destroying the records of their messages...."

In the court filing Thursday, the FTC asked Amazon to provide two troves of documents related to its use of Signal: Amazon's document preservation notices and its instructions about the use of "ephemeral messaging applications, including Signal." The FTC said Amazon waited for more than a year after it learned of the investigation to instruct its employees to preserve Signal messages. "It is highly likely that relevant information has been destroyed as a result of Amazon's actions and inactions," the FTC wrote in court records.

Government

Pegasus Spyware Used on Hundreds of People, Says Poland's Prosecutor General (apnews.com) 22

An anonymous reader shared this report from the Associated Press: Poland's prosecutor general told the parliament on Wednesday that powerful Pegasus spyware was used against hundreds of people during the former government in Poland, among them elected officials. Adam Bodnar told lawmakers that he found the scale of the surveillance "shocking and depressing...." The data showed that Pegasus was used in the cases of 578 people from 2017 to 2022, and that it was used by three separate government agencies: the Central Anticorruption Bureau, the Military Counterintelligence Service and the Internal Security Agency. The data show that it was used against six people in 2017; 100 in 2018; 140 in 2019; 161 in 2020; 162 in 2021; and then nine in 2022, when it stopped.... Bodnar said that the software generated "enormous knowledge" about the "private and professional lives" of those put under surveillance. He also stressed that the Polish state doesn't have full control over the data that is gathered because the system operates on the basis of a license that was granted by an Israeli company.
"Pegasus gives its operators complete access to a mobile device, allowing them to extract passwords, photos, messages, contacts and browsing history and activate the microphone and camera for real-time eavesdropping."
AI

A School Principal Was Framed With an AI-Generated Rant (cbsnews.com) 23

"A former high school athletic director was arrested Thursday morning," reports CBS News, "after allegedly using artificial intelligence to impersonate the school principal in a recording..." One-time Pikesville High School employee Dazhon Darien is facing charges that include theft, stalking, disruption of school operations and retaliation against a witness. Investigators determined he faked principal Eric Eiswert's voice and circulated the audio on social media in January. Darien's nickname, DJ, was among the names mentioned in the audio clips he allegedly faked, according to the Baltimore County State's Attorney's Office.

Baltimore County detectives say Darien created the recording as retaliation against Eiswert, who had launched an investigation into the potential mishandling of school funds, Baltimore County Police Chief Robert McCullough said on Thursday. Eiswert's voice, which police and AI experts believe was simulated, made disparaging comments toward Black students and the surrounding Jewish community. The audio was widely circulated on social media.

The article notes that after the faked recording circulated on social media the principal "was temporarily removed from the school, and waves of hate-filled messages circulated on social media, while the school received numerous phone calls."

The suspect had actually used the school's network multiple times to perform online searches for OpenAI tools, "which police linked to paid OpenAI accounts."
Transportation

Boeing Accused of Retaliating Against Two Engineers in 2022 (reuters.com) 51

Reuters reports that America's Federal Aviation Administration "is investigating a union's claims that Boeing retaliated against two employees who in 2022 insisted the planemaker re-evaluate prior engineering work on 777 and 787 jets."

The employees' union "said the two unidentified engineers were representatives of the FAA, which delegates some of its oversight authority and certification process to Boeing workers." The FAA noted on Tuesday that in 2022 it boosted oversight of planemakers by protecting aviation industry employees who perform agency functions from interference by their employers. A December 2021 Senate report found "FAA's certification process suffers from undue pressure on line engineers and production staff."

"Boeing can tell Congress and the media all it wants about how retaliation is strictly prohibited," said SPEEA Director of Strategic Development Rich Plunkett. "But our union is fighting retaliation cases on a regular basis, and, in this specific case, Boeing is trying to hide information that would shed light on what happened...."

Last week, Boeing quality engineer whistleblower Sam Salehpour, who raised questions about Boeing widebody jets, told senators he was told to "shut up" when he flagged safety concerns. He has said he was removed from the 787 program and transferred to the 777 jet due to his questions.

Boeing has "zero tolerance for retaliation," according to a statement quoted by Reuters, in which the company says they "encourage our employees to speak up when they see an issue. After an extensive review of documentation and interviewing more than a dozen witnesses, our investigators found no evidence of retaliation or interference. We have determined the allegations are unsubstantiated."

The union's version of the story? "After nearly six months of debate, the two engineers, with backing from the FAA, prevailed. Boeing re-did the required analysis." The two engineers were still Boeing employees, however, and Boeing management was not pleased. When they came up for their next performance reviews, the two engineers received identical negative evaluations... Even after the manager of the two engineers admitted that he had rated them both poorly at the request of the 777 and 787 managers who had been forced to resubmit their work, Boeing refused to change the engineers' performance evaluations.

At this point, one of the engineers left in disgust; the other filed a formal "Speak Up" complaint with Boeing.

Businesses

$5.6 Million in Refunds Sent to Ring Customers, Settling Unauthorized Access and Privacy Violations (apnews.com) 10

America's Federal Trade Commission "is sending more than $5.6 million in refunds to consumers," reports the Associated Press, "as part of a settlement with Amazon-owned Ring, which was charged with failing to protect private video footage from outside access." In a 2023 complaint, the FTC accused the doorbell camera and home security provider of allowing its employees and contractors to access customers' private videos. Ring allegedly used such footage to train algorithms without consent, among other purposes. Ring was also charged with failing to implement key security protections, which enabled hackers to take control of customers' accounts, cameras and videos. This led to "egregious violations of users' privacy," the FTC noted.

The resulting settlement required Ring to delete content that was found to be unlawfully obtained, establish stronger security protections and pay a hefty fine. The FTC says that it's now using much of that money to refund eligible Ring customers.

According to their announcement Tuesday, the FTC is now sending 117,044 PayPal payments to affected consumers...
AI

EyeEm Will License Users' Photos To Train AI If They Don't Delete Them 26

Sarah Perez reports via TechCrunch: EyeEm, the Berlin-based photo-sharing community that exited last year to Spanish company Freepik after going bankrupt, is now licensing its users' photos to train AI models. Earlier this month, the company informed users via email that it was adding a new clause to its Terms & Conditions that would grant it the rights to upload users' content to "train, develop, and improve software, algorithms, and machine-learning models." Users were given 30 days to opt out by removing all their content from EyeEm's platform. Otherwise, they were consenting to this use case for their work.

At the time of its 2023 acquisition, EyeEm's photo library included 160 million images and nearly 150,000 users. The company said it would merge its community with Freepik's over time. Despite its decline, almost 30,000 people are still downloading it each month, according to data from Appfigures. Once thought of as a possible challenger to Instagram -- or at least "Europe's Instagram" -- EyeEm had dwindled to a staff of three before selling to Freepik, TechCrunch's Ingrid Lunden previously reported. Joaquin Cuenca Abela, CEO of Freepik, hinted at the company's possible plans for EyeEm, saying it would explore how to bring more AI into the equation for creators on the platform. As it turns out, that meant selling their work to train AI models. [...]

Of note, the notice says that these deletions from EyeEm market and partner platforms could take up to 180 days. Yes, that's right: Requested deletions take up to 180 days but users only have 30 days to opt out. That means the only option is manually deleting photos one by one. Worse still, the company adds that: "You hereby acknowledge and agree that your authorization for EyeEm to market and license your Content according to sections 8 and 10 will remain valid until the Content is deleted from EyeEm and all partner platforms within the time frame indicated above. All license agreements entered into before complete deletion and the rights of use granted thereby remain unaffected by the request for deletion or the deletion." Section 8 is where licensing rights to train AI are detailed. In Section 10, EyeEm informs users they will forgo their right to any payouts for their work if they delete their account -- something users may think to do to avoid having their data fed to AI models. Gotcha!
Privacy

Ring Customers Get $5.6 Million In Refunds In Privacy Settlement (apnews.com) 9

The FTC is issuing more than $5.6 million in refunds to Ring customers as part of a privacy settlement. The Associated Press reports: In a 2023 complaint, the FTC accused the doorbell camera and home security provider of allowing its employees and contractors to access customers' private videos. Ring allegedly used such footage to train algorithms without consent, among other purposes. Ring was also charged with failing to implement key security protections, which enabled hackers to take control of customers' accounts, cameras and videos. This led to "egregious violations of users' privacy," the FTC noted.

The resulting settlement required Ring to delete content that was found to be unlawfully obtained, establish stronger security protections and pay a hefty fine. The FTC says that it's now using much of that money to refund eligible Ring customers. According to a Tuesday notice, the FTC is sending 117,044 PayPal payments to impacted consumers who had certain types of Ring devices -- including indoor cameras -- during the timeframes that the regulators allege unauthorized access took place. Eligible customers will need to redeem these payments within 30 days, according to the FTC -- which added that consumers can contact this case's refund administrator, Rust Consulting, or visit the FTC's FAQ page on refunds for more information about the process.
